xref: /OK3568_Linux_fs/buildroot/package/dropbear/dropbear.mk (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun################################################################################
2*4882a593Smuzhiyun#
3*4882a593Smuzhiyun# dropbear
4*4882a593Smuzhiyun#
5*4882a593Smuzhiyun################################################################################
6*4882a593Smuzhiyun
7*4882a593SmuzhiyunDROPBEAR_VERSION = 2022.82
8*4882a593SmuzhiyunDROPBEAR_SITE = https://matt.ucc.asn.au/dropbear/releases
9*4882a593SmuzhiyunDROPBEAR_SOURCE = dropbear-$(DROPBEAR_VERSION).tar.bz2
10*4882a593SmuzhiyunDROPBEAR_LICENSE = MIT, BSD-2-Clause, Public domain
11*4882a593SmuzhiyunDROPBEAR_LICENSE_FILES = LICENSE
12*4882a593SmuzhiyunDROPBEAR_TARGET_BINS = dropbearkey dropbearconvert scp
13*4882a593SmuzhiyunDROPBEAR_PROGRAMS = dropbear $(DROPBEAR_TARGET_BINS)
14*4882a593SmuzhiyunDROPBEAR_CPE_ID_VENDOR = dropbear_ssh_project
15*4882a593SmuzhiyunDROPBEAR_CPE_ID_PRODUCT = dropbear_ssh
16*4882a593Smuzhiyun
17*4882a593Smuzhiyun# Disable hardening flags added by dropbear configure.ac, and let
18*4882a593Smuzhiyun# Buildroot add them when the relevant options are enabled. This
19*4882a593Smuzhiyun# prevents dropbear from using SSP support when not available.
20*4882a593SmuzhiyunDROPBEAR_CONF_OPTS = --disable-harden
21*4882a593Smuzhiyun
22*4882a593Smuzhiyunifeq ($(BR2_PACKAGE_DROPBEAR_CLIENT),y)
23*4882a593Smuzhiyun# Build dbclient, and create a convenience symlink named ssh
24*4882a593SmuzhiyunDROPBEAR_PROGRAMS += dbclient
25*4882a593SmuzhiyunDROPBEAR_TARGET_BINS += dbclient ssh
26*4882a593Smuzhiyunendif
27*4882a593Smuzhiyun
28*4882a593SmuzhiyunDROPBEAR_MAKE = \
29*4882a593Smuzhiyun	$(MAKE) MULTI=1 SCPPROGRESS=1 \
30*4882a593Smuzhiyun	PROGRAMS="$(DROPBEAR_PROGRAMS)"
31*4882a593Smuzhiyun
32*4882a593Smuzhiyun# With BR2_SHARED_STATIC_LIBS=y the generic infrastructure adds a
33*4882a593Smuzhiyun# --enable-static flags causing dropbear to be built as a static
34*4882a593Smuzhiyun# binary. Adding a --disable-static reverts this
35*4882a593Smuzhiyunifeq ($(BR2_SHARED_STATIC_LIBS),y)
36*4882a593SmuzhiyunDROPBEAR_CONF_OPTS += --disable-static
37*4882a593Smuzhiyunendif
38*4882a593Smuzhiyun
39*4882a593Smuzhiyunifeq ($(BR2_PACKAGE_LINUX_PAM),y)
40*4882a593Smuzhiyundefine DROPBEAR_SVR_PAM_AUTH
41*4882a593Smuzhiyun	echo '#define DROPBEAR_SVR_PASSWORD_AUTH 0'     >> $(@D)/localoptions.h
42*4882a593Smuzhiyun	echo '#define DROPBEAR_SVR_PAM_AUTH 1'          >> $(@D)/localoptions.h
43*4882a593Smuzhiyunendef
44*4882a593Smuzhiyundefine DROPBEAR_INSTALL_PAM_CONF
45*4882a593Smuzhiyun	$(INSTALL) -D -m 644 package/dropbear/etc-pam.d-sshd $(TARGET_DIR)/etc/pam.d/sshd
46*4882a593Smuzhiyunendef
47*4882a593SmuzhiyunDROPBEAR_DEPENDENCIES += linux-pam
48*4882a593SmuzhiyunDROPBEAR_CONF_OPTS += --enable-pam
49*4882a593SmuzhiyunDROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PAM_AUTH
50*4882a593SmuzhiyunDROPBEAR_POST_INSTALL_TARGET_HOOKS += DROPBEAR_INSTALL_PAM_CONF
51*4882a593Smuzhiyunelse
52*4882a593Smuzhiyun# Ensure that dropbear doesn't use crypt() when it's not available
53*4882a593Smuzhiyundefine DROPBEAR_SVR_PASSWORD_AUTH
54*4882a593Smuzhiyun	echo '#if !HAVE_CRYPT'                          >> $(@D)/localoptions.h
55*4882a593Smuzhiyun	echo '#define DROPBEAR_SVR_PASSWORD_AUTH 0'     >> $(@D)/localoptions.h
56*4882a593Smuzhiyun	echo '#endif'                                   >> $(@D)/localoptions.h
57*4882a593Smuzhiyunendef
58*4882a593SmuzhiyunDROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_SVR_PASSWORD_AUTH
59*4882a593Smuzhiyunendif
60*4882a593Smuzhiyun
61*4882a593Smuzhiyunifeq ($(BR2_PACKAGE_DROPBEAR_LEGACY_CRYPTO),y)
62*4882a593Smuzhiyundefine DROPBEAR_ENABLE_LEGACY_CRYPTO
63*4882a593Smuzhiyun	echo '#define DROPBEAR_3DES 1'                  >> $(@D)/localoptions.h
64*4882a593Smuzhiyun	echo '#define DROPBEAR_ENABLE_CBC_MODE 1'       >> $(@D)/localoptions.h
65*4882a593Smuzhiyun	echo '#define DROPBEAR_SHA1_96_HMAC 1'          >> $(@D)/localoptions.h
66*4882a593Smuzhiyun	echo '#define DROPBEAR_DH_GROUP1 1'             >> $(@D)/localoptions.h
67*4882a593Smuzhiyunendef
68*4882a593SmuzhiyunDROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_ENABLE_LEGACY_CRYPTO
69*4882a593Smuzhiyunelse
70*4882a593Smuzhiyundefine DROPBEAR_DISABLE_LEGACY_CRYPTO
71*4882a593Smuzhiyun	echo '#define DROPBEAR_DSS 0'                   >> $(@D)/localoptions.h
72*4882a593Smuzhiyunendef
73*4882a593SmuzhiyunDROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_DISABLE_LEGACY_CRYPTO
74*4882a593Smuzhiyunendif
75*4882a593Smuzhiyun
76*4882a593Smuzhiyunifeq ($(BR2_PACKAGE_DROPBEAR_DISABLE_REVERSEDNS),)
77*4882a593Smuzhiyundefine DROPBEAR_ENABLE_REVERSE_DNS
78*4882a593Smuzhiyun	echo '#define DO_HOST_LOOKUP 1'                 >> $(@D)/localoptions.h
79*4882a593Smuzhiyunendef
80*4882a593SmuzhiyunDROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_ENABLE_REVERSE_DNS
81*4882a593Smuzhiyunendif
82*4882a593Smuzhiyun
83*4882a593Smuzhiyunifeq ($(BR2_PACKAGE_DROPBEAR_SMALL),y)
84*4882a593SmuzhiyunDROPBEAR_LICENSE += , Unlicense, WTFPL
85*4882a593SmuzhiyunDROPBEAR_LICENSE_FILES += libtommath/LICENSE libtomcrypt/LICENSE
86*4882a593SmuzhiyunDROPBEAR_CONF_OPTS += --disable-zlib --enable-bundled-libtom
87*4882a593Smuzhiyunelse
88*4882a593Smuzhiyundefine DROPBEAR_BUILD_FEATURED
89*4882a593Smuzhiyun	echo '#define DROPBEAR_SMALL_CODE 0'            >> $(@D)/localoptions.h
90*4882a593Smuzhiyunendef
91*4882a593SmuzhiyunDROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_BUILD_FEATURED
92*4882a593SmuzhiyunDROPBEAR_DEPENDENCIES += zlib libtomcrypt
93*4882a593SmuzhiyunDROPBEAR_CONF_OPTS += --disable-bundled-libtom
94*4882a593Smuzhiyunendif
95*4882a593Smuzhiyun
96*4882a593Smuzhiyundefine DROPBEAR_CUSTOM_PATH
97*4882a593Smuzhiyun	echo '#define DEFAULT_PATH $(BR2_SYSTEM_DEFAULT_PATH)' >>$(@D)/localoptions.h
98*4882a593Smuzhiyunendef
99*4882a593SmuzhiyunDROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_CUSTOM_PATH
100*4882a593Smuzhiyun
101*4882a593Smuzhiyundefine DROPBEAR_INSTALL_INIT_SYSTEMD
102*4882a593Smuzhiyun	$(INSTALL) -D -m 644 package/dropbear/dropbear.service \
103*4882a593Smuzhiyun		$(TARGET_DIR)/usr/lib/systemd/system/dropbear.service
104*4882a593Smuzhiyunendef
105*4882a593Smuzhiyun
106*4882a593Smuzhiyunifeq ($(BR2_USE_MMU),y)
107*4882a593Smuzhiyundefine DROPBEAR_INSTALL_INIT_SYSV
108*4882a593Smuzhiyun	$(INSTALL) -D -m 755 package/dropbear/S50dropbear \
109*4882a593Smuzhiyun		$(TARGET_DIR)/etc/init.d/S50dropbear
110*4882a593Smuzhiyunendef
111*4882a593Smuzhiyunelse
112*4882a593Smuzhiyundefine DROPBEAR_DISABLE_STANDALONE
113*4882a593Smuzhiyun	echo '#define NON_INETD_MODE 0'                 >> $(@D)/localoptions.h
114*4882a593Smuzhiyunendef
115*4882a593SmuzhiyunDROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_DISABLE_STANDALONE
116*4882a593Smuzhiyunendif
117*4882a593Smuzhiyun
118*4882a593Smuzhiyunifneq ($(BR2_PACKAGE_DROPBEAR_WTMP),y)
119*4882a593SmuzhiyunDROPBEAR_CONF_OPTS += --disable-wtmp
120*4882a593Smuzhiyunendif
121*4882a593Smuzhiyun
122*4882a593Smuzhiyunifneq ($(BR2_PACKAGE_DROPBEAR_LASTLOG),y)
123*4882a593SmuzhiyunDROPBEAR_CONF_OPTS += --disable-lastlog
124*4882a593Smuzhiyunendif
125*4882a593Smuzhiyun
126*4882a593SmuzhiyunDROPBEAR_LOCALOPTIONS_FILE = $(call qstrip,$(BR2_PACKAGE_DROPBEAR_LOCALOPTIONS_FILE))
127*4882a593Smuzhiyunifneq ($(DROPBEAR_LOCALOPTIONS_FILE),)
128*4882a593Smuzhiyundefine DROPBEAR_APPEND_LOCALOPTIONS_FILE
129*4882a593Smuzhiyun	cat $(DROPBEAR_LOCALOPTIONS_FILE) >> $(@D)/localoptions.h
130*4882a593Smuzhiyunendef
131*4882a593SmuzhiyunDROPBEAR_POST_EXTRACT_HOOKS += DROPBEAR_APPEND_LOCALOPTIONS_FILE
132*4882a593Smuzhiyunendif
133*4882a593Smuzhiyun
134*4882a593Smuzhiyundefine DROPBEAR_INSTALL_TARGET_CMDS
135*4882a593Smuzhiyun	$(INSTALL) -m 755 $(@D)/dropbearmulti $(TARGET_DIR)/usr/sbin/dropbear
136*4882a593Smuzhiyun	for f in $(DROPBEAR_TARGET_BINS); do \
137*4882a593Smuzhiyun		ln -snf ../sbin/dropbear $(TARGET_DIR)/usr/bin/$$f ; \
138*4882a593Smuzhiyun	done
139*4882a593Smuzhiyun	ln -snf /var/run/dropbear $(TARGET_DIR)/etc/dropbear
140*4882a593Smuzhiyunendef
141*4882a593Smuzhiyun
142*4882a593Smuzhiyun$(eval $(autotools-package))
143